1 /*
2 *
3 * Copyright (c) 2013, The Linux Foundation. All rights reserved.
4 * Not a Contribution.
5 *
6 * Copyright 2012 The Android Open Source Project
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you
9 * may not use this file except in compliance with the License. You may
10 * obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * permissions and limitations under the License.
19 *
20 */
21
22 /******************************************************************************
23 *
24 * Filename: hw_rome.c
25 *
26 * Description: Contains controller-specific functions, like
27 * firmware patch download
28 * low power mode operations
29 *
30 ******************************************************************************/
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #define LOG_TAG "bt_vendor"
36
37 #include "bt_hci_bdroid.h"
38 #include "bt_vendor_qcom.h"
39 #include "hci_uart.h"
40 #include "hw_rome.h"
41
42 #include <ctype.h>
43 #include <dirent.h>
44 #include <errno.h>
45 #include <fcntl.h>
46 #include <signal.h>
47 #include <stdbool.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <sys/socket.h>
51 #include <sys/stat.h>
52 #include <sys/types.h>
53 #include <termios.h>
54 #include <time.h>
55 #include <unistd.h>
56
57 #include <cutils/properties.h>
58 #include <utils/Log.h>
59
60 #ifdef __cplusplus
61 }
62 #endif
63
64 #define RESERVED(p) if(p) ALOGI( "%s: reserved param", __FUNCTION__);
65
66 int read_vs_hci_event(int fd, unsigned char* buf, int size);
67
68 /******************************************************************************
69 ** Variables
70 ******************************************************************************/
71 FILE *file;
72 unsigned char *phdr_buffer;
73 unsigned char *pdata_buffer = NULL;
74 patch_info rampatch_patch_info;
75 int chipset_ver = 0;
76 unsigned char gTlv_type;
77 unsigned char gTlv_dwndCfg;
78 static unsigned int wipower_flag = 0;
79 static unsigned int wipower_handoff_ready = 0;
80 char *rampatch_file_path = NULL;
81 char *nvm_file_path = NULL;
82 char *fw_su_info = NULL;
83 unsigned short fw_su_offset =0;
84 extern char enable_extldo;
85 unsigned char wait_vsc_evt = TRUE;
86 bool patch_dnld_pending = FALSE;
87 int dnld_fd = -1;
88
89 /******************************************************************************
90 ** Extern variables
91 ******************************************************************************/
92
93 /*****************************************************************************
94 ** Functions
95 *****************************************************************************/
do_write(int fd,unsigned char * buf,int len)96 int do_write(int fd, unsigned char *buf,int len)
97 {
98 int ret = 0;
99 int write_offset = 0;
100 int write_len = len;
101 do {
102 ret = write(fd,buf+write_offset,write_len);
103 if (ret < 0)
104 {
105 ALOGE("%s, write failed ret = %d err = %s",__func__,ret,strerror(errno));
106 return -1;
107 } else if (ret == 0) {
108 ALOGE("%s, write failed with ret 0 err = %s",__func__,strerror(errno));
109 return 0;
110 } else {
111 if (ret < write_len) {
112 ALOGD("%s, Write pending,do write ret = %d err = %s",__func__,ret,
113 strerror(errno));
114 write_len = write_len - ret;
115 write_offset = ret;
116 } else {
117 ALOGV("Write successful");
118 break;
119 }
120 }
121 } while(1);
122 return len;
123 }
124
get_vs_hci_event(unsigned char * rsp)125 int get_vs_hci_event(unsigned char *rsp)
126 {
127 int err = 0;
128 unsigned char paramlen = 0;
129 unsigned char EMBEDDED_MODE_CHECK = 0x02;
130 FILE *btversionfile = 0;
131 unsigned int soc_id = 0;
132 unsigned int productid = 0;
133 unsigned short patchversion = 0;
134 char build_label[255];
135 int build_lbl_len;
136 unsigned short buildversion = 0;
137
138 if( (rsp[EVENTCODE_OFFSET] == VSEVENT_CODE) || (rsp[EVENTCODE_OFFSET] == EVT_CMD_COMPLETE))
139 ALOGI("%s: Received HCI-Vendor Specific event", __FUNCTION__);
140 else {
141 ALOGI("%s: Failed to receive HCI-Vendor Specific event", __FUNCTION__);
142 err = -EIO;
143 goto failed;
144 }
145
146 ALOGI("%s: Parameter Length: 0x%x", __FUNCTION__, paramlen = rsp[EVT_PLEN]);
147 ALOGI("%s: Command response: 0x%x", __FUNCTION__, rsp[CMD_RSP_OFFSET]);
148 ALOGI("%s: Response type : 0x%x", __FUNCTION__, rsp[RSP_TYPE_OFFSET]);
149
150 /* Check the status of the operation */
151 switch ( rsp[CMD_RSP_OFFSET] )
152 {
153 case EDL_CMD_REQ_RES_EVT:
154 ALOGI("%s: Command Request Response", __FUNCTION__);
155 switch(rsp[RSP_TYPE_OFFSET])
156 {
157 case EDL_PATCH_VER_RES_EVT:
158 case EDL_APP_VER_RES_EVT:
159 productid = (unsigned int)(rsp[PATCH_PROD_ID_OFFSET +3] << 24 |
160 rsp[PATCH_PROD_ID_OFFSET+2] << 16 |
161 rsp[PATCH_PROD_ID_OFFSET+1] << 8 |
162 rsp[PATCH_PROD_ID_OFFSET] );
163 ALOGI("\t Current Product ID\t\t: 0x%08x", productid);
164
165 /* Patch Version indicates FW patch version */
166 patchversion = (unsigned short)(rsp[PATCH_PATCH_VER_OFFSET + 1] << 8 |
167 rsp[PATCH_PATCH_VER_OFFSET] );
168 ALOGI("\t Current Patch Version\t\t: 0x%04x", patchversion);
169
170 /* ROM Build Version indicates ROM build version like 1.0/1.1/2.0 */
171 buildversion = (int)(rsp[PATCH_ROM_BUILD_VER_OFFSET + 1] << 8 |
172 rsp[PATCH_ROM_BUILD_VER_OFFSET] );
173 ALOGI("\t Current ROM Build Version\t: 0x%04x", buildversion);
174
175 /* In case rome 1.0/1.1, there is no SOC ID version available */
176 if (paramlen - 10)
177 {
178 soc_id = (unsigned int)(rsp[PATCH_SOC_VER_OFFSET +3] << 24 |
179 rsp[PATCH_SOC_VER_OFFSET+2] << 16 |
180 rsp[PATCH_SOC_VER_OFFSET+1] << 8 |
181 rsp[PATCH_SOC_VER_OFFSET] );
182 ALOGI("\t Current SOC Version\t\t: 0x%08x", soc_id);
183 }
184
185 /* Rome Chipset Version can be decided by Patch version and SOC version,
186 Upper 2 bytes will be used for Patch version and Lower 2 bytes will be
187 used for SOC as combination for BT host driver */
188 chipset_ver = (buildversion << 16) |(soc_id & 0x0000ffff);
189
190 break;
191 case EDL_TVL_DNLD_RES_EVT:
192 case EDL_CMD_EXE_STATUS_EVT:
193 switch (err = rsp[CMD_STATUS_OFFSET])
194 {
195 case HCI_CMD_SUCCESS:
196 ALOGI("%s: Download Packet successfully!", __FUNCTION__);
197 break;
198 case PATCH_LEN_ERROR:
199 ALOGI("%s: Invalid patch length argument passed for EDL PATCH "
200 "SET REQ cmd", __FUNCTION__);
201 break;
202 case PATCH_VER_ERROR:
203 ALOGI("%s: Invalid patch version argument passed for EDL PATCH "
204 "SET REQ cmd", __FUNCTION__);
205 break;
206 case PATCH_CRC_ERROR:
207 ALOGI("%s: CRC check of patch failed!!!", __FUNCTION__);
208 break;
209 case PATCH_NOT_FOUND:
210 ALOGI("%s: Invalid patch data!!!", __FUNCTION__);
211 break;
212 case TLV_TYPE_ERROR:
213 ALOGI("%s: TLV Type Error !!!", __FUNCTION__);
214 break;
215 default:
216 ALOGI("%s: Undefined error (0x%x)", __FUNCTION__, err);
217 break;
218 }
219 break;
220 case HCI_VS_GET_BUILD_VER_EVT:
221 build_lbl_len = rsp[5];
222 memcpy (build_label, &rsp[6], build_lbl_len);
223 *(build_label+build_lbl_len) = '\0';
224
225 ALOGI("BT SoC FW SU Build info: %s, %d", build_label, build_lbl_len);
226 break;
227 }
228 break;
229
230 case NVM_ACCESS_CODE:
231 ALOGI("%s: NVM Access Code!!!", __FUNCTION__);
232 err = HCI_CMD_SUCCESS;
233 break;
234 case EDL_SET_BAUDRATE_RSP_EVT:
235 /* Rome 1.1 has bug with the response, so it should ignore it. */
236 if (rsp[BAUDRATE_RSP_STATUS_OFFSET] != BAUDRATE_CHANGE_SUCCESS)
237 {
238 ALOGE("%s: Set Baudrate request failed - 0x%x", __FUNCTION__,
239 rsp[CMD_STATUS_OFFSET]);
240 err = -1;
241 }
242 break;
243 case EDL_WIP_QUERY_CHARGING_STATUS_EVT:
244 /* Query charging command has below return values
245 0 - in embedded mode not charging
246 1 - in embedded mode and charging
247 2 - hadofff completed and in normal mode
248 3 - no wipower supported on mtp. so irrepective of charging
249 handoff command has to be sent if return values are 0 or 1.
250 These change include logic to enable generic BT turn on sequence.*/
251 if (rsp[4] < EMBEDDED_MODE_CHECK)
252 {
253 ALOGI("%s: WiPower Charging in Embedded Mode!!!", __FUNCTION__);
254 wipower_handoff_ready = rsp[4];
255 wipower_flag = 1;
256 }
257 break;
258 case EDL_WIP_START_HANDOFF_TO_HOST_EVENT:
259 /*TODO: rsp code 00 mean no charging
260 this is going to change in FW soon*/
261 if (rsp[4] == NON_WIPOWER_MODE)
262 {
263 ALOGE("%s: WiPower Charging hand off not ready!!!", __FUNCTION__);
264 }
265 break;
266 case HCI_VS_GET_ADDON_FEATURES_EVENT:
267 if ((rsp[4] & ADDON_FEATURES_EVT_WIPOWER_MASK))
268 {
269 ALOGD("%s: WiPower feature supported!!", __FUNCTION__);
270 property_set("persist.bluetooth.a4wp", "true");
271 }
272 break;
273 case HCI_VS_STRAY_EVT:
274 /* WAR to handle stray Power Apply EVT during patch download */
275 ALOGD("%s: Stray HCI VS EVENT", __FUNCTION__);
276 if (patch_dnld_pending && dnld_fd != -1)
277 {
278 unsigned char rsp[HCI_MAX_EVENT_SIZE];
279 memset(rsp, 0x00, HCI_MAX_EVENT_SIZE);
280 read_vs_hci_event(dnld_fd, rsp, HCI_MAX_EVENT_SIZE);
281 }
282 else
283 {
284 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
285 err = -1;
286 }
287 break;
288 default:
289 ALOGE("%s: Not a valid status!!!", __FUNCTION__);
290 err = -1;
291 break;
292 }
293
294 failed:
295 return err;
296 }
297
298
299 /*
300 * Read an VS HCI event from the given file descriptor.
301 */
read_vs_hci_event(int fd,unsigned char * buf,int size)302 int read_vs_hci_event(int fd, unsigned char* buf, int size)
303 {
304 int remain, r;
305 int count = 0, i;
306
307 if (size <= 0) {
308 ALOGE("Invalid size arguement!");
309 return -1;
310 }
311
312 ALOGI("%s: Wait for HCI-Vendor Specfic Event from SOC", __FUNCTION__);
313
314 /* The first byte identifies the packet type. For HCI event packets, it
315 * should be 0x04, so we read until we get to the 0x04. */
316 /* It will keep reading until find 0x04 byte */
317 while (1) {
318 r = read(fd, buf, 1);
319 if (r <= 0)
320 return -1;
321 if (buf[0] == 0x04)
322 break;
323 }
324 count++;
325
326 /* The next two bytes are the event code and parameter total length. */
327 while (count < 3) {
328 r = read(fd, buf + count, 3 - count);
329 if ((r <= 0) || (buf[1] != 0xFF )) {
330 ALOGE("It is not VS event !! ret: %d, EVT: %d", r, buf[1]);
331 return -1;
332 }
333 count += r;
334 }
335
336 /* Now we read the parameters. */
337 if (buf[2] < (size - 3))
338 remain = buf[2];
339 else
340 remain = size - 3;
341
342 while ((count - 3) < remain) {
343 r = read(fd, buf + count, remain - (count - 3));
344 if (r <= 0)
345 return -1;
346 count += r;
347 }
348
349 /* Check if the set patch command is successful or not */
350 if(get_vs_hci_event(buf) != HCI_CMD_SUCCESS)
351 return -1;
352
353 return count;
354 }
355
356 /*
357 * For Hand-Off related Wipower commands, Command complete arrives first and
358 * the followd with VS event
359 *
360 */
hci_send_wipower_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)361 int hci_send_wipower_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
362 {
363 int ret = 0;
364 int err = 0;
365
366 /* Send the HCI command packet to UART for transmission */
367 ret = do_write(fd, cmd, size);
368 if (ret != size) {
369 ALOGE("%s: WP Send failed with ret value: %d", __FUNCTION__, ret);
370 goto failed;
371 }
372
373 /* Wait for command complete event */
374 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
375 if ( err < 0) {
376 ALOGE("%s: Failed to charging status cmd on Controller", __FUNCTION__);
377 goto failed;
378 }
379
380 ALOGI("%s: WP Received HCI command complete Event from SOC", __FUNCTION__);
381 failed:
382 return ret;
383 }
384
385
hci_send_vs_cmd(int fd,unsigned char * cmd,unsigned char * rsp,int size)386 int hci_send_vs_cmd(int fd, unsigned char *cmd, unsigned char *rsp, int size)
387 {
388 int ret = 0;
389
390 /* Send the HCI command packet to UART for transmission */
391 ret = do_write(fd, cmd, size);
392 if (ret != size) {
393 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
394 goto failed;
395 }
396
397 if (wait_vsc_evt) {
398 /* Check for response from the Controller */
399 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
400 ret = -ETIMEDOUT;
401 ALOGI("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
402 goto failed;
403 }
404 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
405 }
406
407 failed:
408 return ret;
409 }
410
frame_hci_cmd_pkt(unsigned char * cmd,int edl_cmd,unsigned int p_base_addr,int segtNo,int size)411 void frame_hci_cmd_pkt(
412 unsigned char *cmd,
413 int edl_cmd, unsigned int p_base_addr,
414 int segtNo, int size
415 )
416 {
417 int offset = 0;
418 hci_command_hdr *cmd_hdr;
419
420 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
421
422 cmd_hdr = (void *) (cmd + 1);
423
424 cmd[0] = HCI_COMMAND_PKT;
425 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_PATCH_CMD_OCF);
426 cmd_hdr->plen = size;
427 cmd[4] = edl_cmd;
428
429 switch (edl_cmd)
430 {
431 case EDL_PATCH_SET_REQ_CMD:
432 /* Copy the patch header info as CMD params */
433 memcpy(&cmd[5], phdr_buffer, PATCH_HDR_LEN);
434 ALOGD("%s: Sending EDL_PATCH_SET_REQ_CMD", __FUNCTION__);
435 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
436 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
437 break;
438 case EDL_PATCH_DLD_REQ_CMD:
439 offset = ((segtNo - 1) * MAX_DATA_PER_SEGMENT);
440 p_base_addr += offset;
441 cmd_hdr->plen = (size + 6);
442 cmd[5] = (size + 4);
443 cmd[6] = EXTRACT_BYTE(p_base_addr, 0);
444 cmd[7] = EXTRACT_BYTE(p_base_addr, 1);
445 cmd[8] = EXTRACT_BYTE(p_base_addr, 2);
446 cmd[9] = EXTRACT_BYTE(p_base_addr, 3);
447 memcpy(&cmd[10], (pdata_buffer + offset), size);
448
449 ALOGD("%s: Sending EDL_PATCH_DLD_REQ_CMD: size: %d bytes",
450 __FUNCTION__, size);
451 ALOGD("HCI-CMD %d:\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t0x%x\t"
452 "0x%x\t0x%x\t0x%x\t\n", segtNo, cmd[0], cmd[1], cmd[2],
453 cmd[3], cmd[4], cmd[5], cmd[6], cmd[7], cmd[8], cmd[9]);
454 break;
455 case EDL_PATCH_ATCH_REQ_CMD:
456 ALOGD("%s: Sending EDL_PATCH_ATTACH_REQ_CMD", __FUNCTION__);
457 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
458 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
459 break;
460 case EDL_PATCH_RST_REQ_CMD:
461 ALOGD("%s: Sending EDL_PATCH_RESET_REQ_CMD", __FUNCTION__);
462 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
463 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
464 break;
465 case EDL_PATCH_VER_REQ_CMD:
466 ALOGD("%s: Sending EDL_PATCH_VER_REQ_CMD", __FUNCTION__);
467 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
468 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
469 break;
470 case EDL_PATCH_TLV_REQ_CMD:
471 ALOGD("%s: Sending EDL_PATCH_TLV_REQ_CMD", __FUNCTION__);
472 /* Parameter Total Length */
473 cmd[3] = size +2;
474
475 /* TLV Segment Length */
476 cmd[5] = size;
477 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
478 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4], cmd[5]);
479 offset = (segtNo * MAX_SIZE_PER_TLV_SEGMENT);
480 memcpy(&cmd[6], (pdata_buffer + offset), size);
481 break;
482 case EDL_GET_BUILD_INFO:
483 ALOGD("%s: Sending EDL_GET_BUILD_INFO", __FUNCTION__);
484 ALOGD("HCI-CMD %d:\t0x%x \t0x%x \t0x%x \t0x%x \t0x%x",
485 segtNo, cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
486 break;
487 default:
488 ALOGE("%s: Unknown EDL CMD !!!", __FUNCTION__);
489 }
490 }
491
rome_extract_patch_header_info(unsigned char * buf)492 void rome_extract_patch_header_info(unsigned char *buf)
493 {
494 int index;
495
496 /* Extract patch id */
497 for (index = 0; index < 4; index++)
498 rampatch_patch_info.patch_id |=
499 (LSH(buf[index + P_ID_OFFSET], (index * 8)));
500
501 /* Extract (ROM and BUILD) version information */
502 for (index = 0; index < 2; index++)
503 rampatch_patch_info.patch_ver.rom_version |=
504 (LSH(buf[index + P_ROME_VER_OFFSET], (index * 8)));
505
506 for (index = 0; index < 2; index++)
507 rampatch_patch_info.patch_ver.build_version |=
508 (LSH(buf[index + P_BUILD_VER_OFFSET], (index * 8)));
509
510 /* Extract patch base and entry addresses */
511 for (index = 0; index < 4; index++)
512 rampatch_patch_info.patch_base_addr |=
513 (LSH(buf[index + P_BASE_ADDR_OFFSET], (index * 8)));
514
515 /* Patch BASE & ENTRY addresses are same */
516 rampatch_patch_info.patch_entry_addr = rampatch_patch_info.patch_base_addr;
517
518 /* Extract total length of the patch payload */
519 for (index = 0; index < 4; index++)
520 rampatch_patch_info.patch_length |=
521 (LSH(buf[index + P_LEN_OFFSET], (index * 8)));
522
523 /* Extract the CRC checksum of the patch payload */
524 for (index = 0; index < 4; index++)
525 rampatch_patch_info.patch_crc |=
526 (LSH(buf[index + P_CRC_OFFSET], (index * 8)));
527
528 /* Extract patch control value */
529 for (index = 0; index < 4; index++)
530 rampatch_patch_info.patch_ctrl |=
531 (LSH(buf[index + P_CONTROL_OFFSET], (index * 8)));
532
533 ALOGI("PATCH_ID\t : 0x%x", rampatch_patch_info.patch_id);
534 ALOGI("ROM_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.rom_version);
535 ALOGI("BUILD_VERSION\t : 0x%x", rampatch_patch_info.patch_ver.build_version);
536 ALOGI("PATCH_LENGTH\t : 0x%x", rampatch_patch_info.patch_length);
537 ALOGI("PATCH_CRC\t : 0x%x", rampatch_patch_info.patch_crc);
538 ALOGI("PATCH_CONTROL\t : 0x%x\n", rampatch_patch_info.patch_ctrl);
539 ALOGI("PATCH_BASE_ADDR\t : 0x%x\n", rampatch_patch_info.patch_base_addr);
540
541 }
542
rome_edl_set_patch_request(int fd)543 int rome_edl_set_patch_request(int fd)
544 {
545 int size, err;
546 unsigned char cmd[HCI_MAX_CMD_SIZE];
547 unsigned char rsp[HCI_MAX_EVENT_SIZE];
548
549 /* Frame the HCI CMD to be sent to the Controller */
550 frame_hci_cmd_pkt(cmd, EDL_PATCH_SET_REQ_CMD, 0,
551 -1, PATCH_HDR_LEN + 1);
552
553 /* Total length of the packet to be sent to the Controller */
554 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
555
556 /* Send HCI Command packet to Controller */
557 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
558 if ( err != size) {
559 ALOGE("Failed to set the patch info to the Controller!");
560 goto error;
561 }
562
563 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
564 if ( err < 0) {
565 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
566 goto error;
567 }
568 ALOGI("%s: Successfully set patch info on the Controller", __FUNCTION__);
569 error:
570 return err;
571 }
572
rome_edl_patch_download_request(int fd)573 int rome_edl_patch_download_request(int fd)
574 {
575 int no_of_patch_segment;
576 int index = 1, err = 0, size = 0;
577 unsigned int p_base_addr;
578 unsigned char cmd[HCI_MAX_CMD_SIZE];
579 unsigned char rsp[HCI_MAX_EVENT_SIZE];
580
581 no_of_patch_segment = (rampatch_patch_info.patch_length /
582 MAX_DATA_PER_SEGMENT);
583 ALOGI("%s: %d patch segments to be d'loaded from patch base addr: 0x%x",
584 __FUNCTION__, no_of_patch_segment,
585 rampatch_patch_info.patch_base_addr);
586
587 /* Initialize the patch base address from the one read from bin file */
588 p_base_addr = rampatch_patch_info.patch_base_addr;
589
590 /*
591 * Depending upon size of the patch payload, download the patches in
592 * segments with a max. size of 239 bytes
593 */
594 for (index = 1; index <= no_of_patch_segment; index++) {
595
596 ALOGI("%s: Downloading patch segment: %d", __FUNCTION__, index);
597
598 /* Frame the HCI CMD PKT to be sent to Controller*/
599 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr,
600 index, MAX_DATA_PER_SEGMENT);
601
602 /* Total length of the packet to be sent to the Controller */
603 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
604
605 /* Initialize the RSP packet everytime to 0 */
606 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
607
608 /* Send HCI Command packet to Controller */
609 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
610 if ( err != size) {
611 ALOGE("Failed to send the patch payload to the Controller!");
612 goto error;
613 }
614
615 /* Read Command Complete Event */
616 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
617 if ( err < 0) {
618 ALOGE("%s: Failed to downlaod patch segment: %d!",
619 __FUNCTION__, index);
620 goto error;
621 }
622 ALOGI("%s: Successfully downloaded patch segment: %d",
623 __FUNCTION__, index);
624 }
625
626 /* Check if any pending patch data to be sent */
627 size = (rampatch_patch_info.patch_length < MAX_DATA_PER_SEGMENT) ?
628 rampatch_patch_info.patch_length :
629 (rampatch_patch_info.patch_length % MAX_DATA_PER_SEGMENT);
630
631 if (size)
632 {
633 /* Frame the HCI CMD PKT to be sent to Controller*/
634 frame_hci_cmd_pkt(cmd, EDL_PATCH_DLD_REQ_CMD, p_base_addr, index, size);
635
636 /* Initialize the RSP packet everytime to 0 */
637 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
638
639 /* Total length of the packet to be sent to the Controller */
640 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
641
642 /* Send HCI Command packet to Controller */
643 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
644 if ( err != size) {
645 ALOGE("Failed to send the patch payload to the Controller!");
646 goto error;
647 }
648
649 /* Read Command Complete Event */
650 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
651 if ( err < 0) {
652 ALOGE("%s: Failed to downlaod patch segment: %d!",
653 __FUNCTION__, index);
654 goto error;
655 }
656
657 ALOGI("%s: Successfully downloaded patch segment: %d",
658 __FUNCTION__, index);
659 }
660
661 error:
662 return err;
663 }
664
rome_download_rampatch(int fd)665 static int rome_download_rampatch(int fd)
666 {
667 int c, tmp, size, index, ret = -1;
668
669 ALOGI("%s: ", __FUNCTION__);
670
671 /* Get handle to the RAMPATCH binary file */
672 ALOGI("%s: Getting handle to the RAMPATCH binary file from %s", __FUNCTION__, ROME_FW_PATH);
673 file = fopen(ROME_FW_PATH, "r");
674 if (file == NULL) {
675 ALOGE("%s: Failed to get handle to the RAMPATCH bin file!",
676 __FUNCTION__);
677 return -ENFILE;
678 }
679
680 /* Allocate memory for the patch headder info */
681 ALOGI("%s: Allocating memory for the patch header", __FUNCTION__);
682 phdr_buffer = (unsigned char *) malloc(PATCH_HDR_LEN + 1);
683 if (phdr_buffer == NULL) {
684 ALOGE("%s: Failed to allocate memory for patch header",
685 __FUNCTION__);
686 goto phdr_alloc_failed;
687 }
688 for (index = 0; index < PATCH_HDR_LEN + 1; index++)
689 phdr_buffer[index] = 0x0;
690
691 /* Read 28 bytes of patch header information */
692 ALOGI("%s: Reading patch header info", __FUNCTION__);
693 index = 0;
694 do {
695 c = fgetc (file);
696 phdr_buffer[index++] = (unsigned char)c;
697 } while (index != PATCH_HDR_LEN);
698
699 /* Save the patch header info into local structure */
700 ALOGI("%s: Saving patch hdr. info", __FUNCTION__);
701 rome_extract_patch_header_info((unsigned char *)phdr_buffer);
702
703 /* Set the patch header info onto the Controller */
704 ret = rome_edl_set_patch_request(fd);
705 if (ret < 0) {
706 ALOGE("%s: Error setting the patchheader info!", __FUNCTION__);
707 goto pdata_alloc_failed;
708 }
709
710 /* Allocate memory for the patch payload */
711 ALOGI("%s: Allocating memory for patch payload", __FUNCTION__);
712 size = rampatch_patch_info.patch_length;
713 pdata_buffer = (unsigned char *) malloc(size+1);
714 if (pdata_buffer == NULL) {
715 ALOGE("%s: Failed to allocate memory for patch payload",
716 __FUNCTION__);
717 goto pdata_alloc_failed;
718 }
719 for (index = 0; index < size+1; index++)
720 pdata_buffer[index] = 0x0;
721
722 /* Read the patch data from Rampatch binary image */
723 ALOGI("%s: Reading patch payload from RAMPATCH file", __FUNCTION__);
724 index = 0;
725 do {
726 c = fgetc (file);
727 pdata_buffer[index++] = (unsigned char)c;
728 } while (c != EOF);
729
730 /* Downloading patches in segments to controller */
731 ret = rome_edl_patch_download_request(fd);
732 if (ret < 0) {
733 ALOGE("%s: Error downloading patch segments!", __FUNCTION__);
734 goto cleanup;
735 }
736 cleanup:
737 free(pdata_buffer);
738 pdata_alloc_failed:
739 free(phdr_buffer);
740 phdr_alloc_failed:
741 fclose(file);
742 error:
743 return ret;
744 }
745
rome_attach_rampatch(int fd)746 int rome_attach_rampatch(int fd)
747 {
748 int size, err;
749 unsigned char cmd[HCI_MAX_CMD_SIZE];
750 unsigned char rsp[HCI_MAX_EVENT_SIZE];
751
752 /* Frame the HCI CMD to be sent to the Controller */
753 frame_hci_cmd_pkt(cmd, EDL_PATCH_ATCH_REQ_CMD, 0,
754 -1, EDL_PATCH_CMD_LEN);
755
756 /* Total length of the packet to be sent to the Controller */
757 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
758
759 /* Send HCI Command packet to Controller */
760 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
761 if ( err != size) {
762 ALOGE("Failed to attach the patch payload to the Controller!");
763 goto error;
764 }
765
766 /* Read Command Complete Event */
767 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
768 if ( err < 0) {
769 ALOGE("%s: Failed to attach the patch segment(s)", __FUNCTION__);
770 goto error;
771 }
772 error:
773 return err;
774 }
775
rome_rampatch_reset(int fd)776 int rome_rampatch_reset(int fd)
777 {
778 int size, err = 0, flags;
779 unsigned char cmd[HCI_MAX_CMD_SIZE];
780 struct timespec tm = { 0, 100*1000*1000 }; /* 100 ms */
781
782 /* Frame the HCI CMD to be sent to the Controller */
783 frame_hci_cmd_pkt(cmd, EDL_PATCH_RST_REQ_CMD, 0,
784 -1, EDL_PATCH_CMD_LEN);
785
786 /* Total length of the packet to be sent to the Controller */
787 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
788
789 /* Send HCI Command packet to Controller */
790 err = do_write(fd, cmd, size);
791 if (err != size) {
792 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
793 goto error;
794 }
795
796 /*
797 * Controller doesn't sends any response for the patch reset
798 * command. HOST has to wait for 100ms before proceeding.
799 */
800 nanosleep(&tm, NULL);
801
802 error:
803 return err;
804 }
805
rome_get_tlv_file(char * file_path)806 int rome_get_tlv_file(char *file_path)
807 {
808 FILE * pFile;
809 long fileSize;
810 int readSize, err = 0, total_segment, remain_size, nvm_length, nvm_index, i;
811 unsigned short nvm_tag_len;
812 tlv_patch_info *ptlv_header;
813 tlv_nvm_hdr *nvm_ptr;
814 unsigned char data_buf[PRINT_BUF_SIZE]={0,};
815 unsigned char *nvm_byte_ptr;
816
817 ALOGI("File Open (%s)", file_path);
818 pFile = fopen ( file_path , "r" );
819 if (pFile==NULL) {;
820 ALOGE("%s File Open Fail", file_path);
821 return -1;
822 }
823
824 /* Get File Size */
825 fseek (pFile , 0 , SEEK_END);
826 fileSize = ftell (pFile);
827 rewind (pFile);
828
829 pdata_buffer = (unsigned char*) malloc (sizeof(char)*fileSize);
830 if (pdata_buffer == NULL) {
831 ALOGE("Allocated Memory failed");
832 fclose (pFile);
833 return -1;
834 }
835
836 /* Copy file into allocated buffer */
837 readSize = fread (pdata_buffer,1,fileSize,pFile);
838
839 /* File Close */
840 fclose (pFile);
841
842 if (readSize != fileSize) {
843 ALOGE("Read file size(%d) not matched with actual file size (%ld bytes)",readSize,fileSize);
844 return -1;
845 }
846
847 ptlv_header = (tlv_patch_info *) pdata_buffer;
848
849 /* To handle different event between rampatch and NVM */
850 gTlv_type = ptlv_header->tlv_type;
851 gTlv_dwndCfg = ptlv_header->tlv.patch.dwnd_cfg;
852
853 if(ptlv_header->tlv_type == TLV_TYPE_PATCH){
854 ALOGI("====================================================");
855 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
856 ALOGI("Length\t\t\t : %d bytes", (ptlv_header->tlv_length1) |
857 (ptlv_header->tlv_length2 << 8) |
858 (ptlv_header->tlv_length3 << 16));
859 ALOGI("Total Length\t\t\t : %d bytes", ptlv_header->tlv.patch.tlv_data_len);
860 ALOGI("Patch Data Length\t\t\t : %d bytes",ptlv_header->tlv.patch.tlv_patch_data_len);
861 ALOGI("Signing Format Version\t : 0x%x", ptlv_header->tlv.patch.sign_ver);
862 ALOGI("Signature Algorithm\t\t : 0x%x", ptlv_header->tlv.patch.sign_algorithm);
863 ALOGI("Event Handling\t\t\t : 0x%x", ptlv_header->tlv.patch.dwnd_cfg);
864 ALOGI("Reserved\t\t\t : 0x%x", ptlv_header->tlv.patch.reserved1);
865 ALOGI("Product ID\t\t\t : 0x%04x\n", ptlv_header->tlv.patch.prod_id);
866 ALOGI("Rom Build Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.build_ver);
867 ALOGI("Patch Version\t\t : 0x%04x\n", ptlv_header->tlv.patch.patch_ver);
868 ALOGI("Reserved\t\t\t : 0x%x\n", ptlv_header->tlv.patch.reserved2);
869 ALOGI("Patch Entry Address\t\t : 0x%x\n", (ptlv_header->tlv.patch.patch_entry_addr));
870 ALOGI("====================================================");
871
872 } else if(ptlv_header->tlv_type == TLV_TYPE_NVM) {
873 ALOGI("====================================================");
874 ALOGI("TLV Type\t\t\t : 0x%x", ptlv_header->tlv_type);
875 ALOGI("Length\t\t\t : %d bytes", nvm_length = (ptlv_header->tlv_length1) |
876 (ptlv_header->tlv_length2 << 8) |
877 (ptlv_header->tlv_length3 << 16));
878
879 if(nvm_length <= 0)
880 return readSize;
881
882 for(nvm_byte_ptr=(unsigned char *)(nvm_ptr = &(ptlv_header->tlv.nvm)), nvm_index=0;
883 nvm_index < nvm_length ; nvm_ptr = (tlv_nvm_hdr *) nvm_byte_ptr)
884 {
885 ALOGI("TAG ID\t\t\t : %d", nvm_ptr->tag_id);
886 ALOGI("TAG Length\t\t\t : %d", nvm_tag_len = nvm_ptr->tag_len);
887 ALOGI("TAG Pointer\t\t\t : %d", nvm_ptr->tag_ptr);
888 ALOGI("TAG Extended Flag\t\t : %d", nvm_ptr->tag_ex_flag);
889
890 /* Increase nvm_index to NVM data */
891 nvm_index+=sizeof(tlv_nvm_hdr);
892 nvm_byte_ptr+=sizeof(tlv_nvm_hdr);
893
894 /* Write BD Address */
895 if(nvm_ptr->tag_id == TAG_NUM_2){
896 memcpy(nvm_byte_ptr, q.bdaddr, 6);
897 ALOGI("BD Address: %.02x:%.02x:%.02x:%.02x:%.02x:%.02x",
898 *nvm_byte_ptr, *(nvm_byte_ptr+1), *(nvm_byte_ptr+2),
899 *(nvm_byte_ptr+3), *(nvm_byte_ptr+4), *(nvm_byte_ptr+5));
900 }
901
902 for(i =0;(i<nvm_ptr->tag_len && (i*3 + 2) <PRINT_BUF_SIZE);i++)
903 snprintf((char *) data_buf, PRINT_BUF_SIZE, "%s%.02x ", (char *)data_buf, *(nvm_byte_ptr + i));
904
905 ALOGI("TAG Data\t\t\t : %s", data_buf);
906
907 /* Clear buffer */
908 memset(data_buf, 0x0, PRINT_BUF_SIZE);
909
910 /* increased by tag_len */
911 nvm_index+=nvm_ptr->tag_len;
912 nvm_byte_ptr +=nvm_ptr->tag_len;
913 }
914
915 ALOGI("====================================================");
916
917 } else {
918 ALOGI("TLV Header type is unknown (%d) ", ptlv_header->tlv_type);
919 }
920
921 return readSize;
922 }
923
rome_tlv_dnld_segment(int fd,int index,int seg_size,unsigned char wait_cc_evt)924 int rome_tlv_dnld_segment(int fd, int index, int seg_size, unsigned char wait_cc_evt)
925 {
926 int size=0, err = -1;
927 unsigned char cmd[HCI_MAX_CMD_SIZE];
928 unsigned char rsp[HCI_MAX_EVENT_SIZE];
929
930 ALOGI("%s: Downloading TLV Patch segment no.%d, size:%d", __FUNCTION__, index, seg_size);
931
932 /* Frame the HCI CMD PKT to be sent to Controller*/
933 frame_hci_cmd_pkt(cmd, EDL_PATCH_TLV_REQ_CMD, 0, index, seg_size);
934
935 /* Total length of the packet to be sent to the Controller */
936 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + cmd[PLEN]);
937
938 /* Initialize the RSP packet everytime to 0 */
939 memset(rsp, 0x0, HCI_MAX_EVENT_SIZE);
940
941 /* Send HCI Command packet to Controller */
942 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
943 if ( err != size) {
944 ALOGE("Failed to send the patch payload to the Controller! 0x%x", err);
945 return err;
946 }
947
948 if(wait_cc_evt) {
949 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
950 if ( err < 0) {
951 ALOGE("%s: Failed to downlaod patch segment: %d!", __FUNCTION__, index);
952 return err;
953 }
954 }
955
956 ALOGI("%s: Successfully downloaded patch segment: %d", __FUNCTION__, index);
957 return err;
958 }
959
rome_tlv_dnld_req(int fd,int tlv_size)960 int rome_tlv_dnld_req(int fd, int tlv_size)
961 {
962 int total_segment, remain_size, i, err = -1;
963 unsigned char wait_cc_evt = TRUE;
964
965 total_segment = tlv_size/MAX_SIZE_PER_TLV_SEGMENT;
966 remain_size = (tlv_size < MAX_SIZE_PER_TLV_SEGMENT)?\
967 tlv_size: (tlv_size%MAX_SIZE_PER_TLV_SEGMENT);
968
969 ALOGI("%s: TLV size: %d, Total Seg num: %d, remain size: %d",
970 __FUNCTION__,tlv_size, total_segment, remain_size);
971
972 if (gTlv_type == TLV_TYPE_PATCH) {
973 /* Prior to Rome version 3.2(including inital few rampatch release of Rome 3.2), the event
974 * handling mechanism is ROME_SKIP_EVT_NONE. After few release of rampatch for Rome 3.2, the
975 * mechamism is changed to ROME_SKIP_EVT_VSE_CC. Rest of the mechanism is not used for now
976 */
977 switch(gTlv_dwndCfg)
978 {
979 case ROME_SKIP_EVT_NONE:
980 wait_vsc_evt = TRUE;
981 wait_cc_evt = TRUE;
982 ALOGI("Event handling type: ROME_SKIP_EVT_NONE");
983 break;
984 case ROME_SKIP_EVT_VSE_CC:
985 wait_vsc_evt = FALSE;
986 wait_cc_evt = FALSE;
987 ALOGI("Event handling type: ROME_SKIP_EVT_VSE_CC");
988 break;
989 /* Not handled for now */
990 case ROME_SKIP_EVT_VSE:
991 case ROME_SKIP_EVT_CC:
992 default:
993 ALOGE("Unsupported Event handling: %d", gTlv_dwndCfg);
994 break;
995 }
996 } else {
997 wait_vsc_evt = TRUE;
998 wait_cc_evt = TRUE;
999 }
1000
1001 for(i=0;i<total_segment ;i++){
1002 if ((i+1) == total_segment) {
1003 if ((chipset_ver >= ROME_VER_1_1) && (chipset_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1004 /* If the Rome version is from 1.1 to 3.1
1005 * 1. No CCE for the last command segment but all other segment
1006 * 2. All the command segments get VSE including the last one
1007 */
1008 wait_cc_evt = !remain_size ? FALSE: TRUE;
1009 } else if ((chipset_ver >= ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1010 /* If the Rome version is 3.2
1011 * 1. None of the command segments receive CCE
1012 * 2. No command segments receive VSE except the last one
1013 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1014 * same as Rome 2.1, 2.2, 3.0
1015 */
1016 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1017 wait_cc_evt = !remain_size ? FALSE: TRUE;
1018 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1019 wait_vsc_evt = !remain_size ? TRUE: FALSE;
1020 }
1021 }
1022 }
1023
1024 patch_dnld_pending = TRUE;
1025 if((err = rome_tlv_dnld_segment(fd, i, MAX_SIZE_PER_TLV_SEGMENT, wait_cc_evt )) < 0)
1026 goto error;
1027 patch_dnld_pending = FALSE;
1028 }
1029
1030 if ((chipset_ver >= ROME_VER_1_1) && (chipset_ver < ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1031 /* If the Rome version is from 1.1 to 3.1
1032 * 1. No CCE for the last command segment but all other segment
1033 * 2. All the command segments get VSE including the last one
1034 */
1035 wait_cc_evt = remain_size ? FALSE: TRUE;
1036 } else if ((chipset_ver >= ROME_VER_3_2) && (gTlv_type == TLV_TYPE_PATCH)) {
1037 /* If the Rome version is 3.2
1038 * 1. None of the command segments receive CCE
1039 * 2. No command segments receive VSE except the last one
1040 * 3. If gTlv_dwndCfg is ROME_SKIP_EVT_NONE then the logic is
1041 * same as Rome 2.1, 2.2, 3.0
1042 */
1043 if (gTlv_dwndCfg == ROME_SKIP_EVT_NONE) {
1044 wait_cc_evt = remain_size ? FALSE: TRUE;
1045 } else if (gTlv_dwndCfg == ROME_SKIP_EVT_VSE_CC) {
1046 wait_vsc_evt = remain_size ? TRUE: FALSE;
1047 }
1048 }
1049 patch_dnld_pending = TRUE;
1050 if(remain_size) err =rome_tlv_dnld_segment(fd, i, remain_size, wait_cc_evt);
1051 patch_dnld_pending = FALSE;
1052 error:
1053 if(patch_dnld_pending) patch_dnld_pending = FALSE;
1054 return err;
1055 }
1056
rome_download_tlv_file(int fd)1057 int rome_download_tlv_file(int fd)
1058 {
1059 int tlv_size, err = -1;
1060
1061 /* Rampatch TLV file Downloading */
1062 pdata_buffer = NULL;
1063 if((tlv_size = rome_get_tlv_file(rampatch_file_path)) < 0)
1064 goto error;
1065
1066 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1067 goto error;
1068
1069 if (pdata_buffer != NULL){
1070 free (pdata_buffer);
1071 pdata_buffer = NULL;
1072 }
1073 nvm_download:
1074 if(!nvm_file_path) {
1075 ALOGI("%s: nvm file is not available", __FUNCTION__);
1076 err = 0; // in case of nvm/rampatch is not available
1077 goto error;
1078 }
1079
1080 /* NVM TLV file Downloading */
1081 if((tlv_size = rome_get_tlv_file(nvm_file_path)) <= 0)
1082 goto error;
1083
1084 if((err =rome_tlv_dnld_req(fd, tlv_size)) <0 )
1085 goto error;
1086
1087 error:
1088 if (pdata_buffer != NULL)
1089 free (pdata_buffer);
1090
1091 return err;
1092 }
1093
rome_1_0_nvm_tag_dnld(int fd)1094 int rome_1_0_nvm_tag_dnld(int fd)
1095 {
1096 int i, size, err = 0;
1097 unsigned char cmd[HCI_MAX_CMD_SIZE];
1098 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1099
1100 #if (NVM_VERSION >= ROME_1_0_100019)
1101 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1102 {
1103 /* Tag 2 */ /* BD Address */
1104 { /* Packet Type */HCI_COMMAND_PKT,
1105 /* Opcode */ 0x0b,0xfc,
1106 /* Total Len */ 9,
1107 /* NVM CMD */ NVM_ACCESS_SET,
1108 /* Tag Num */ 2,
1109 /* Tag Len */ 6,
1110 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22
1111 },
1112 /* Tag 6 */ /* Bluetooth Support Features */
1113 { /* Packet Type */HCI_COMMAND_PKT,
1114 /* Opcode */ 0x0b,0xfc,
1115 /* Total Len */ 11,
1116 /* NVM CMD */ NVM_ACCESS_SET,
1117 /* Tag Num */ 6,
1118 /* Tag Len */ 8,
1119 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1120 },
1121 /* Tag 17 */ /* HCI Transport Layer Setting */
1122 { /* Packet Type */HCI_COMMAND_PKT,
1123 /* Opcode */ 0x0b,0xfc,
1124 /* Total Len */ 11,
1125 /* NVM CMD */ NVM_ACCESS_SET,
1126 /* Tag Num */ 17,
1127 /* Tag Len */ 8,
1128 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1129 },
1130 /* Tag 35 */
1131 { /* Packet Type */HCI_COMMAND_PKT,
1132 /* Opcode */ 0x0b,0xfc,
1133 /* Total Len */ 58,
1134 /* NVM CMD */ NVM_ACCESS_SET,
1135 /* Tag Num */ 35,
1136 /* Tag Len */ 55,
1137 /* Tag Value */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x58, 0x59,
1138 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1139 0x0E, 0x0E, 0x16, 0x16, 0x16, 0x1E, 0x26, 0x5F, 0x2F, 0x5F,
1140 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1141 0x0C, 0x18, 0x14, 0x24, 0x40, 0x4C, 0x70, 0x80, 0x80, 0x80,
1142 0x1B, 0x14, 0x01, 0x04, 0x48
1143 },
1144 /* Tag 36 */
1145 { /* Packet Type */HCI_COMMAND_PKT,
1146 /* Opcode */ 0x0b,0xfc,
1147 /* Total Len */ 15,
1148 /* NVM CMD */ NVM_ACCESS_SET,
1149 /* Tag Num */ 36,
1150 /* Tag Len */ 12,
1151 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1152 },
1153 /* Tag 39 */
1154 { /* Packet Type */HCI_COMMAND_PKT,
1155 /* Opcode */ 0x0b,0xfc,
1156 /* Total Len */ 7,
1157 /* NVM CMD */ NVM_ACCESS_SET,
1158 /* Tag Num */ 39,
1159 /* Tag Len */ 4,
1160 /* Tag Value */ 0x12,0x00,0x00,0x00
1161 },
1162 /* Tag 41 */
1163 { /* Packet Type */HCI_COMMAND_PKT,
1164 /* Opcode */ 0x0b,0xfc,
1165 /* Total Len */ 91,
1166 /* NVM CMD */ NVM_ACCESS_SET,
1167 /* Tag Num */ 41,
1168 /* Tag Len */ 88,
1169 /* Tag Value */ 0x15, 0x00, 0x00, 0x00, 0xF6, 0x02, 0x00, 0x00, 0x76, 0x00,
1170 0x1E, 0x00, 0x29, 0x02, 0x1F, 0x00, 0x61, 0x00, 0x1A, 0x00,
1171 0x76, 0x00, 0x1E, 0x00, 0x7D, 0x00, 0x40, 0x00, 0x91, 0x00,
1172 0x06, 0x00, 0x92, 0x00, 0x03, 0x00, 0xA6, 0x01, 0x50, 0x00,
1173 0xAA, 0x01, 0x15, 0x00, 0xAB, 0x01, 0x0A, 0x00, 0xAC, 0x01,
1174 0x00, 0x00, 0xB0, 0x01, 0xC5, 0x00, 0xB3, 0x01, 0x03, 0x00,
1175 0xB4, 0x01, 0x13, 0x00, 0xB5, 0x01, 0x0C, 0x00, 0xC5, 0x01,
1176 0x0D, 0x00, 0xC6, 0x01, 0x10, 0x00, 0xCA, 0x01, 0x2B, 0x00,
1177 0xCB, 0x01, 0x5F, 0x00, 0xCC, 0x01, 0x48, 0x00
1178 },
1179 /* Tag 42 */
1180 { /* Packet Type */HCI_COMMAND_PKT,
1181 /* Opcode */ 0x0b,0xfc,
1182 /* Total Len */ 63,
1183 /* NVM CMD */ NVM_ACCESS_SET,
1184 /* Tag Num */ 42,
1185 /* Tag Len */ 60,
1186 /* Tag Value */ 0xD7, 0xC0, 0x00, 0x00, 0x8F, 0x5C, 0x02, 0x00, 0x80, 0x47,
1187 0x60, 0x0C, 0x70, 0x4C, 0x00, 0x00, 0x00, 0x01, 0x1F, 0x01,
1188 0x42, 0x01, 0x69, 0x01, 0x95, 0x01, 0xC7, 0x01, 0xFE, 0x01,
1189 0x3D, 0x02, 0x83, 0x02, 0xD1, 0x02, 0x29, 0x03, 0x00, 0x0A,
1190 0x10, 0x00, 0x1F, 0x00, 0x3F, 0x00, 0x7F, 0x00, 0xFD, 0x00,
1191 0xF9, 0x01, 0xF1, 0x03, 0xDE, 0x07, 0x00, 0x00, 0x9A, 0x01
1192 },
1193 /* Tag 84 */
1194 { /* Packet Type */HCI_COMMAND_PKT,
1195 /* Opcode */ 0x0b,0xfc,
1196 /* Total Len */ 153,
1197 /* NVM CMD */ NVM_ACCESS_SET,
1198 /* Tag Num */ 84,
1199 /* Tag Len */ 150,
1200 /* Tag Value */ 0x7C, 0x6A, 0x59, 0x47, 0x19, 0x36, 0x35, 0x25, 0x25, 0x28,
1201 0x2C, 0x2B, 0x2B, 0x28, 0x2C, 0x28, 0x29, 0x28, 0x29, 0x28,
1202 0x29, 0x29, 0x2C, 0x29, 0x2C, 0x29, 0x2C, 0x28, 0x29, 0x28,
1203 0x29, 0x28, 0x29, 0x2A, 0x00, 0x00, 0x2C, 0x2A, 0x2C, 0x18,
1204 0x98, 0x98, 0x98, 0x98, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x1E,
1205 0x1E, 0x13, 0x1E, 0x1E, 0x1E, 0x1E, 0x13, 0x13, 0x11, 0x13,
1206 0x1E, 0x1E, 0x13, 0x12, 0x12, 0x12, 0x11, 0x12, 0x1F, 0x12,
1207 0x12, 0x12, 0x10, 0x0C, 0x18, 0x0D, 0x01, 0x01, 0x01, 0x01,
1208 0x01, 0x01, 0x01, 0x0C, 0x01, 0x01, 0x01, 0x01, 0x0D, 0x0D,
1209 0x0E, 0x0D, 0x01, 0x01, 0x0D, 0x0D, 0x0D, 0x0D, 0x0F, 0x0D,
1210 0x10, 0x0D, 0x0D, 0x0D, 0x0D, 0x10, 0x05, 0x10, 0x03, 0x00,
1211 0x7E, 0x7B, 0x7B, 0x72, 0x71, 0x50, 0x50, 0x50, 0x00, 0x40,
1212 0x60, 0x60, 0x30, 0x08, 0x02, 0x0F, 0x00, 0x01, 0x00, 0x00,
1213 0x00, 0x00, 0x00, 0x00, 0x08, 0x16, 0x16, 0x08, 0x08, 0x00,
1214 0x00, 0x00, 0x1E, 0x34, 0x2B, 0x1B, 0x23, 0x2B, 0x15, 0x0D
1215 },
1216 /* Tag 85 */
1217 { /* Packet Type */HCI_COMMAND_PKT,
1218 /* Opcode */ 0x0b,0xfc,
1219 /* Total Len */ 119,
1220 /* NVM CMD */ NVM_ACCESS_SET,
1221 /* Tag Num */ 85,
1222 /* Tag Len */ 116,
1223 /* Tag Value */ 0x03, 0x00, 0x38, 0x00, 0x45, 0x77, 0x00, 0xE8, 0x00, 0x59,
1224 0x01, 0xCA, 0x01, 0x3B, 0x02, 0xAC, 0x02, 0x1D, 0x03, 0x8E,
1225 0x03, 0x00, 0x89, 0x01, 0x0E, 0x02, 0x5C, 0x02, 0xD7, 0x02,
1226 0xF8, 0x08, 0x01, 0x00, 0x1F, 0x00, 0x0A, 0x02, 0x55, 0x02,
1227 0x00, 0x35, 0x00, 0x00, 0x00, 0x00, 0x2A, 0xD7, 0x00, 0x00,
1228 0x00, 0x1E, 0xDE, 0x00, 0x00, 0x00, 0x14, 0x0F, 0x0A, 0x0F,
1229 0x0A, 0x0C, 0x0C, 0x0C, 0x0C, 0x04, 0x04, 0x04, 0x0C, 0x0C,
1230 0x0C, 0x0C, 0x06, 0x06, 0x00, 0x02, 0x02, 0x02, 0x02, 0x02,
1231 0x01, 0x00, 0x02, 0x02, 0x02, 0x02, 0x01, 0x00, 0x00, 0x00,
1232 0x06, 0x0F, 0x14, 0x05, 0x47, 0xCF, 0x77, 0x00, 0x00, 0x00,
1233 0x00, 0x00, 0x00, 0xAC, 0x7C, 0xFF, 0x40, 0x00, 0x00, 0x00,
1234 0x12, 0x04, 0x04, 0x01, 0x04, 0x03
1235 },
1236 {TAG_END}
1237 };
1238 #elif (NVM_VERSION == ROME_1_0_6002)
1239 unsigned char cmds[MAX_TAG_CMD][HCI_MAX_CMD_SIZE] =
1240 {
1241 /* Tag 2 */
1242 { /* Packet Type */HCI_COMMAND_PKT,
1243 /* Opcode */ 0x0b,0xfc,
1244 /* Total Len */ 9,
1245 /* NVM CMD */ NVM_ACCESS_SET,
1246 /* Tag Num */ 2,
1247 /* Tag Len */ 6,
1248 /* Tag Value */ 0x77,0x78,0x23,0x01,0x56,0x22 /* BD Address */
1249 },
1250 /* Tag 6 */
1251 { /* Packet Type */HCI_COMMAND_PKT,
1252 /* Opcode */ 0x0b,0xfc,
1253 /* Total Len */ 11,
1254 /* NVM CMD */ NVM_ACCESS_SET,
1255 /* Tag Num */ 6,
1256 /* Tag Len */ 8,
1257 /* Tag Value */ 0xFF,0xFE,0x8B,0xFE,0xD8,0x3F,0x5B,0x8B
1258 },
1259 /* Tag 17 */
1260 { /* Packet Type */HCI_COMMAND_PKT,
1261 /* Opcode */ 0x0b,0xfc,
1262 /* Total Len */ 11,
1263 /* NVM CMD */ NVM_ACCESS_SET,
1264 /* Tag Num */ 17,
1265 /* Tag Len */ 8,
1266 /* Tag Value */ 0x82,0x01,0x0E,0x08,0x04,0x32,0x0A,0x00
1267 },
1268 /* Tag 36 */
1269 { /* Packet Type */HCI_COMMAND_PKT,
1270 /* Opcode */ 0x0b,0xfc,
1271 /* Total Len */ 15,
1272 /* NVM CMD */ NVM_ACCESS_SET,
1273 /* Tag Num */ 36,
1274 /* Tag Len */ 12,
1275 /* Tag Value */ 0x0F,0x00,0x03,0x03,0x03,0x03,0x00,0x00,0x03,0x03,0x04,0x00
1276 },
1277
1278 /* Tag 39 */
1279 { /* Packet Type */HCI_COMMAND_PKT,
1280 /* Opcode */ 0x0b,0xfc,
1281 /* Total Len */ 7,
1282 /* NVM CMD */ NVM_ACCESS_SET,
1283 /* Tag Num */ 39,
1284 /* Tag Len */ 4,
1285 /* Tag Value */ 0x12,0x00,0x00,0x00
1286 },
1287
1288 /* Tag 41 */
1289 { /* Packet Type */HCI_COMMAND_PKT,
1290 /* Opcode */ 0x0b,0xfc,
1291 /* Total Len */ 199,
1292 /* NVM CMD */ NVM_ACCESS_SET,
1293 /* Tag Num */ 41,
1294 /* Tag Len */ 196,
1295 /* Tag Value */ 0x30,0x00,0x00,0x00,0xD5,0x00,0x0E,0x00,0xD6,0x00,0x0E,0x00,
1296 0xD7,0x00,0x16,0x00,0xD8,0x00,0x16,0x00,0xD9,0x00,0x16,0x00,
1297 0xDA,0x00,0x1E,0x00,0xDB,0x00,0x26,0x00,0xDC,0x00,0x5F,0x00,
1298 0xDD,0x00,0x2F,0x00,0xDE,0x00,0x5F,0x00,0xE0,0x00,0x0E,0x00,
1299 0xE1,0x00,0x0E,0x00,0xE2,0x00,0x16,0x00,0xE3,0x00,0x16,0x00,
1300 0xE4,0x00,0x16,0x00,0xE5,0x00,0x1E,0x00,0xE6,0x00,0x26,0x00,
1301 0xE7,0x00,0x5F,0x00,0xE8,0x00,0x2F,0x00,0xE9,0x00,0x5F,0x00,
1302 0xEC,0x00,0x0C,0x00,0xED,0x00,0x08,0x00,0xEE,0x00,0x14,0x00,
1303 0xEF,0x00,0x24,0x00,0xF0,0x00,0x40,0x00,0xF1,0x00,0x4C,0x00,
1304 0xF2,0x00,0x70,0x00,0xF3,0x00,0x80,0x00,0xF4,0x00,0x80,0x00,
1305 0xF5,0x00,0x80,0x00,0xF8,0x00,0x0C,0x00,0xF9,0x00,0x18,0x00,
1306 0xFA,0x00,0x14,0x00,0xFB,0x00,0x24,0x00,0xFC,0x00,0x40,0x00,
1307 0xFD,0x00,0x4C,0x00,0xFE,0x00,0x70,0x00,0xFF,0x00,0x80,0x00,
1308 0x00,0x01,0x80,0x00,0x01,0x01,0x80,0x00,0x04,0x01,0x1B,0x00,
1309 0x05,0x01,0x14,0x00,0x06,0x01,0x01,0x00,0x07,0x01,0x04,0x00,
1310 0x08,0x01,0x00,0x00,0x09,0x01,0x00,0x00,0x0A,0x01,0x03,0x00,
1311 0x0B,0x01,0x03,0x00
1312 },
1313
1314 /* Tag 44 */
1315 { /* Packet Type */HCI_COMMAND_PKT,
1316 /* Opcode */ 0x0b,0xfc,
1317 /* Total Len */ 44,
1318 /* NVM CMD */ NVM_ACCESS_SET,
1319 /* Tag Num */ 44,
1320 /* Tag Len */ 41,
1321 /* Tag Value */ 0x6F,0x0A,0x00,0x00,0x00,0x00,0x00,0x50,0xFF,0x10,0x02,0x02,
1322 0x01,0x00,0x14,0x01,0x06,0x28,0xA0,0x62,0x03,0x64,0x01,0x01,
1323 0x0A,0x00,0x00,0x00,0x00,0x00,0x00,0xA0,0xFF,0x10,0x02,0x01,
1324 0x00,0x14,0x01,0x02,0x03
1325 },
1326 {TAG_END}
1327 };
1328 #endif
1329
1330 ALOGI("%s: Start sending NVM Tags (ver: 0x%x)", __FUNCTION__, (unsigned int) NVM_VERSION);
1331
1332 for (i=0; (i < MAX_TAG_CMD) && (cmds[i][0] != TAG_END); i++)
1333 {
1334 /* Write BD Address */
1335 if(cmds[i][TAG_NUM_OFFSET] == TAG_NUM_2){
1336 memcpy(&cmds[i][TAG_BDADDR_OFFSET], q.bdaddr, 6);
1337 ALOGI("BD Address: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x",
1338 cmds[i][TAG_BDADDR_OFFSET ], cmds[i][TAG_BDADDR_OFFSET + 1],
1339 cmds[i][TAG_BDADDR_OFFSET + 2], cmds[i][TAG_BDADDR_OFFSET + 3],
1340 cmds[i][TAG_BDADDR_OFFSET + 4], cmds[i][TAG_BDADDR_OFFSET + 5]);
1341 }
1342 size = cmds[i][3] + HCI_COMMAND_HDR_SIZE + 1;
1343 /* Send HCI Command packet to Controller */
1344 err = hci_send_vs_cmd(fd, (unsigned char *)&cmds[i][0], rsp, size);
1345 if ( err != size) {
1346 ALOGE("Failed to attach the patch payload to the Controller!");
1347 goto error;
1348 }
1349
1350 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1351 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1352 if ( err < 0) {
1353 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1354 goto error;
1355 }
1356 }
1357
1358 error:
1359 return err;
1360 }
1361
1362
1363
rome_patch_ver_req(int fd)1364 int rome_patch_ver_req(int fd)
1365 {
1366 int size, err = 0;
1367 unsigned char cmd[HCI_MAX_CMD_SIZE];
1368 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1369
1370 /* Frame the HCI CMD to be sent to the Controller */
1371 frame_hci_cmd_pkt(cmd, EDL_PATCH_VER_REQ_CMD, 0,
1372 -1, EDL_PATCH_CMD_LEN);
1373
1374 /* Total length of the packet to be sent to the Controller */
1375 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1376
1377 /* Send HCI Command packet to Controller */
1378 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1379 if ( err != size) {
1380 ALOGE("Failed to attach the patch payload to the Controller!");
1381 goto error;
1382 }
1383
1384 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1385 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1386 if ( err < 0) {
1387 ALOGE("%s: Failed to get patch version(s)", __FUNCTION__);
1388 goto error;
1389 }
1390 error:
1391 return err;
1392
1393 }
1394
rome_get_build_info_req(int fd)1395 int rome_get_build_info_req(int fd)
1396 {
1397 int size, err = 0;
1398 unsigned char cmd[HCI_MAX_CMD_SIZE];
1399 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1400
1401 /* Frame the HCI CMD to be sent to the Controller */
1402 frame_hci_cmd_pkt(cmd, EDL_GET_BUILD_INFO, 0,
1403 -1, EDL_PATCH_CMD_LEN);
1404
1405 /* Total length of the packet to be sent to the Controller */
1406 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1407
1408 /* Send HCI Command packet to Controller */
1409 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1410 if ( err != size) {
1411 ALOGE("Failed to send get build info cmd to the SoC!");
1412 goto error;
1413 }
1414
1415 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1416 if ( err < 0) {
1417 ALOGE("%s: Failed to get build info", __FUNCTION__);
1418 goto error;
1419 }
1420 error:
1421 return err;
1422
1423 }
1424
1425
rome_set_baudrate_req(int fd)1426 int rome_set_baudrate_req(int fd)
1427 {
1428 int size, err = 0;
1429 unsigned char cmd[HCI_MAX_CMD_SIZE];
1430 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1431 hci_command_hdr *cmd_hdr;
1432 int flags;
1433
1434 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1435
1436 cmd_hdr = (void *) (cmd + 1);
1437 cmd[0] = HCI_COMMAND_PKT;
1438 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_SET_BAUDRATE_CMD_OCF);
1439 cmd_hdr->plen = VSC_SET_BAUDRATE_REQ_LEN;
1440 cmd[4] = BAUDRATE_3000000;
1441
1442 /* Total length of the packet to be sent to the Controller */
1443 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + VSC_SET_BAUDRATE_REQ_LEN);
1444
1445 /* Flow off during baudrate change */
1446 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1447 {
1448 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1449 goto error;
1450 }
1451
1452 /* Send the HCI command packet to UART for transmission */
1453 err = do_write(fd, cmd, size);
1454 if (err != size) {
1455 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1456 goto error;
1457 }
1458
1459 /* Change Local UART baudrate to high speed UART */
1460 userial_vendor_set_baud(USERIAL_BAUD_3M);
1461
1462 /* Flow on after changing local uart baudrate */
1463 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1464 {
1465 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1466 return err;
1467 }
1468
1469 /* Check for response from the Controller */
1470 if ((err =read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE)) < 0) {
1471 ALOGE("%s: Failed to get HCI-VS Event from SOC", __FUNCTION__);
1472 goto error;
1473 }
1474
1475 ALOGI("%s: Received HCI-Vendor Specific Event from SOC", __FUNCTION__);
1476
1477 /* Wait for command complete event */
1478 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1479 if ( err < 0) {
1480 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1481 goto error;
1482 }
1483
1484 error:
1485 return err;
1486
1487 }
1488
1489
rome_hci_reset_req(int fd)1490 int rome_hci_reset_req(int fd)
1491 {
1492 int size, err = 0;
1493 unsigned char cmd[HCI_MAX_CMD_SIZE];
1494 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1495 hci_command_hdr *cmd_hdr;
1496 int flags;
1497
1498 ALOGI("%s: HCI RESET ", __FUNCTION__);
1499
1500 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1501
1502 cmd_hdr = (void *) (cmd + 1);
1503 cmd[0] = HCI_COMMAND_PKT;
1504 cmd_hdr->opcode = HCI_RESET;
1505 cmd_hdr->plen = 0;
1506
1507 /* Total length of the packet to be sent to the Controller */
1508 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1509
1510 /* Flow off during baudrate change */
1511 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_OFF , &flags)) < 0)
1512 {
1513 ALOGE("%s: HW Flow-off error: 0x%x\n", __FUNCTION__, err);
1514 goto error;
1515 }
1516
1517 /* Send the HCI command packet to UART for transmission */
1518 ALOGI("%s: HCI CMD: 0x%x 0x%x 0x%x 0x%x\n", __FUNCTION__, cmd[0], cmd[1], cmd[2], cmd[3]);
1519 err = do_write(fd, cmd, size);
1520 if (err != size) {
1521 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1522 goto error;
1523 }
1524
1525 /* Change Local UART baudrate to high speed UART */
1526 userial_vendor_set_baud(USERIAL_BAUD_3M);
1527
1528 /* Flow on after changing local uart baudrate */
1529 if ((err = userial_vendor_ioctl(USERIAL_OP_FLOW_ON , &flags)) < 0)
1530 {
1531 ALOGE("%s: HW Flow-on error: 0x%x \n", __FUNCTION__, err);
1532 return err;
1533 }
1534
1535 /* Wait for command complete event */
1536 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1537 if ( err < 0) {
1538 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1539 goto error;
1540 }
1541
1542 error:
1543 return err;
1544
1545 }
1546
1547
rome_hci_reset(int fd)1548 int rome_hci_reset(int fd)
1549 {
1550 int size, err = 0;
1551 unsigned char cmd[HCI_MAX_CMD_SIZE];
1552 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1553 hci_command_hdr *cmd_hdr;
1554 int flags;
1555
1556 ALOGI("%s: HCI RESET ", __FUNCTION__);
1557
1558 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1559
1560 cmd_hdr = (void *) (cmd + 1);
1561 cmd[0] = HCI_COMMAND_PKT;
1562 cmd_hdr->opcode = HCI_RESET;
1563 cmd_hdr->plen = 0;
1564
1565 /* Total length of the packet to be sent to the Controller */
1566 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1567 err = do_write(fd, cmd, size);
1568 if (err != size) {
1569 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, err);
1570 err = -1;
1571 goto error;
1572 }
1573
1574 /* Wait for command complete event */
1575 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1576 if ( err < 0) {
1577 ALOGE("%s: Failed to set patch info on Controller", __FUNCTION__);
1578 goto error;
1579 }
1580
1581 error:
1582 return err;
1583
1584 }
1585
rome_wipower_current_charging_status_req(int fd)1586 int rome_wipower_current_charging_status_req(int fd)
1587 {
1588 int size, err = 0;
1589 unsigned char cmd[HCI_MAX_CMD_SIZE];
1590 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1591 hci_command_hdr *cmd_hdr;
1592 int flags;
1593
1594 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1595
1596 cmd_hdr = (void *) (cmd + 1);
1597 cmd[0] = HCI_COMMAND_PKT;
1598 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1599 cmd_hdr->plen = EDL_WIP_QUERY_CHARGING_STATUS_LEN;
1600 cmd[4] = EDL_WIP_QUERY_CHARGING_STATUS_CMD;
1601
1602 /* Total length of the packet to be sent to the Controller */
1603 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_QUERY_CHARGING_STATUS_LEN);
1604
1605 ALOGD("%s: Sending EDL_WIP_QUERY_CHARGING_STATUS_CMD", __FUNCTION__);
1606 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1607
1608 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1609 if ( err != size) {
1610 ALOGE("Failed to send EDL_WIP_QUERY_CHARGING_STATUS_CMD command!");
1611 goto error;
1612 }
1613
1614 /* Check for response from the Controller */
1615 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1616 err = -ETIMEDOUT;
1617 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1618 goto error;
1619 }
1620
1621 /* Read Command Complete Event - This is extra routine for ROME 1.0. From ROM 2.0, it should be removed. */
1622 if (rsp[4] >= NON_WIPOWER_MODE) {
1623 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1624 if (err < 0) {
1625 ALOGE("%s: Failed to get charging status", __FUNCTION__);
1626 goto error;
1627 }
1628 }
1629
1630 error:
1631 return err;
1632 }
1633
addon_feature_req(int fd)1634 int addon_feature_req(int fd)
1635 {
1636 int size, err = 0;
1637 unsigned char cmd[HCI_MAX_CMD_SIZE];
1638 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1639 hci_command_hdr *cmd_hdr;
1640 int flags;
1641
1642 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1643
1644 cmd_hdr = (void *) (cmd + 1);
1645 cmd[0] = HCI_COMMAND_PKT;
1646 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, HCI_VS_GET_ADDON_FEATURES_SUPPORT);
1647 cmd_hdr->plen = 0x00;
1648
1649 /* Total length of the packet to be sent to the Controller */
1650 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE);
1651
1652 ALOGD("%s: Sending HCI_VS_GET_ADDON_FEATURES_SUPPORT", __FUNCTION__);
1653 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3]);
1654 err = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1655 if ( err != size) {
1656 ALOGE("Failed to send HCI_VS_GET_ADDON_FEATURES_SUPPORT command!");
1657 goto error;
1658 }
1659
1660 err = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1661 if (err < 0) {
1662 ALOGE("%s: Failed to get feature request", __FUNCTION__);
1663 goto error;
1664 }
1665 error:
1666 return err;
1667 }
1668
1669
check_embedded_mode(int fd)1670 int check_embedded_mode(int fd) {
1671 int err = 0;
1672
1673 wipower_flag = 0;
1674 /* Get current wipower charging status */
1675 if ((err = rome_wipower_current_charging_status_req(fd)) < 0)
1676 {
1677 ALOGI("%s: Wipower status req failed (0x%x)", __FUNCTION__, err);
1678 }
1679 usleep(500);
1680
1681 ALOGE("%s: wipower_flag: %d", __FUNCTION__, wipower_flag);
1682
1683 return wipower_flag;
1684 }
1685
rome_get_addon_feature_list(int fd)1686 int rome_get_addon_feature_list(int fd) {
1687 int err = 0;
1688
1689 /* Get addon features that are supported by FW */
1690 if ((err = addon_feature_req(fd)) < 0)
1691 {
1692 ALOGE("%s: failed (0x%x)", __FUNCTION__, err);
1693 }
1694 return err;
1695 }
1696
rome_wipower_forward_handoff_req(int fd)1697 int rome_wipower_forward_handoff_req(int fd)
1698 {
1699 int size, err = 0;
1700 unsigned char cmd[HCI_MAX_CMD_SIZE];
1701 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1702 hci_command_hdr *cmd_hdr;
1703 int flags;
1704
1705 memset(cmd, 0x0, HCI_MAX_CMD_SIZE);
1706
1707 cmd_hdr = (void *) (cmd + 1);
1708 cmd[0] = HCI_COMMAND_PKT;
1709 cmd_hdr->opcode = cmd_opcode_pack(HCI_VENDOR_CMD_OGF, EDL_WIPOWER_VS_CMD_OCF);
1710 cmd_hdr->plen = EDL_WIP_START_HANDOFF_TO_HOST_LEN;
1711 cmd[4] = EDL_WIP_START_HANDOFF_TO_HOST_CMD;
1712
1713 /* Total length of the packet to be sent to the Controller */
1714 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_WIP_START_HANDOFF_TO_HOST_LEN);
1715
1716 ALOGD("%s: Sending EDL_WIP_START_HANDOFF_TO_HOST_CMD", __FUNCTION__);
1717 ALOGD("HCI-CMD: \t0x%x \t0x%x \t0x%x \t0x%x \t0x%x", cmd[0], cmd[1], cmd[2], cmd[3], cmd[4]);
1718 err = hci_send_wipower_vs_cmd(fd, (unsigned char *)cmd, rsp, size);
1719 if ( err != size) {
1720 ALOGE("Failed to send EDL_WIP_START_HANDOFF_TO_HOST_CMD command!");
1721 goto error;
1722 }
1723
1724 /* Check for response from the Controller */
1725 if (read_vs_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE) < 0) {
1726 err = -ETIMEDOUT;
1727 ALOGI("%s: WP Failed to get HCI-VS Event from SOC", __FUNCTION__);
1728 goto error;
1729 }
1730
1731 error:
1732 return err;
1733 }
1734
1735
enable_controller_log(int fd,unsigned char wait_for_evt)1736 void enable_controller_log (int fd, unsigned char wait_for_evt)
1737 {
1738 int ret = 0;
1739 /* VS command to enable controller logging to the HOST. By default it is disabled */
1740 unsigned char cmd[6] = {0x01, 0x17, 0xFC, 0x02, 0x00, 0x00};
1741 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1742 char value[PROPERTY_VALUE_MAX] = {'\0'};
1743
1744 property_get("persist.service.bdroid.soclog", value, "false");
1745
1746 // value at cmd[5]: 1 - to enable, 0 - to disable
1747 ret = (strcmp(value, "true") == 0) ? cmd[5] = 0x01: 0;
1748 ALOGI("%s: %d", __func__, ret);
1749 /* Ignore vsc evt if wait_for_evt is true */
1750 if (wait_for_evt) wait_vsc_evt = FALSE;
1751
1752 ret = hci_send_vs_cmd(fd, (unsigned char *)cmd, rsp, 6);
1753 if (ret != 6) {
1754 ALOGE("%s: command failed", __func__);
1755 }
1756 /*Ignore hci_event if wait_for_evt is true*/
1757 if (wait_for_evt)
1758 goto end;
1759 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1760 if (ret < 0) {
1761 ALOGE("%s: Failed to get CC for enable SoC log", __FUNCTION__);
1762 }
1763 end:
1764 wait_vsc_evt = TRUE;
1765 return;
1766 }
1767
disable_internal_ldo(int fd)1768 static int disable_internal_ldo(int fd)
1769 {
1770 int ret = 0;
1771 if (q.enable_extldo) {
1772 unsigned char cmd[5] = {0x01, 0x0C, 0xFC, 0x01, 0x32};
1773 unsigned char rsp[HCI_MAX_EVENT_SIZE];
1774
1775 ALOGI(" %s ", __FUNCTION__);
1776 ret = do_write(fd, cmd, 5);
1777 if (ret != 5) {
1778 ALOGE("%s: Send failed with ret value: %d", __FUNCTION__, ret);
1779 ret = -1;
1780 } else {
1781 /* Wait for command complete event */
1782 ret = read_hci_event(fd, rsp, HCI_MAX_EVENT_SIZE);
1783 if ( ret < 0) {
1784 ALOGE("%s: Failed to get response from controller", __FUNCTION__);
1785 }
1786 }
1787 }
1788 return ret;
1789 }
1790
rome_soc_init(int fd,char * bdaddr)1791 int rome_soc_init(int fd, char *bdaddr)
1792 {
1793 int err = -1, size = 0;
1794 dnld_fd = fd;
1795 ALOGI(" %s ", __FUNCTION__);
1796 RESERVED(bdaddr);
1797
1798 /* If wipower charging is going on in embedded mode then start hand off req */
1799 if (wipower_flag == WIPOWER_IN_EMBEDDED_MODE && wipower_handoff_ready != NON_WIPOWER_MODE)
1800 {
1801 wipower_flag = 0;
1802 wipower_handoff_ready = 0;
1803 if ((err = rome_wipower_forward_handoff_req(fd)) < 0)
1804 {
1805 ALOGI("%s: Wipower handoff failed (0x%x)", __FUNCTION__, err);
1806 }
1807 }
1808
1809 /* Get Rome version information */
1810 if((err = rome_patch_ver_req(fd)) <0){
1811 ALOGI("%s: Fail to get Rome Version (0x%x)", __FUNCTION__, err);
1812 goto error;
1813 }
1814
1815 ALOGI("%s: Chipset Version (0x%08x)", __FUNCTION__, chipset_ver);
1816
1817 switch (chipset_ver){
1818 case ROME_VER_1_0:
1819 {
1820 /* Set and Download the RAMPATCH */
1821 ALOGI("%s: Setting Patch Header & Downloading Patches", __FUNCTION__);
1822 err = rome_download_rampatch(fd);
1823 if (err < 0) {
1824 ALOGE("%s: DOWNLOAD RAMPATCH failed!", __FUNCTION__);
1825 goto error;
1826 }
1827 ALOGI("%s: DOWNLOAD RAMPTACH complete", __FUNCTION__);
1828
1829 /* Attach the RAMPATCH */
1830 ALOGI("%s: Attaching the patches", __FUNCTION__);
1831 err = rome_attach_rampatch(fd);
1832 if (err < 0) {
1833 ALOGE("%s: ATTACH RAMPATCH failed!", __FUNCTION__);
1834 goto error;
1835 }
1836 ALOGI("%s: ATTACH RAMPTACH complete", __FUNCTION__);
1837
1838 /* Send Reset */
1839 size = (HCI_CMD_IND + HCI_COMMAND_HDR_SIZE + EDL_PATCH_CMD_LEN);
1840 err = rome_rampatch_reset(fd);
1841 if ( err < 0 ) {
1842 ALOGE("Failed to RESET after RAMPATCH upgrade!");
1843 goto error;
1844 }
1845
1846 /* NVM download */
1847 ALOGI("%s: Downloading NVM", __FUNCTION__);
1848 err = rome_1_0_nvm_tag_dnld(fd);
1849 if ( err <0 ) {
1850 ALOGE("Downloading NVM Failed !!");
1851 goto error;
1852 }
1853
1854 /* Change baud rate 115.2 kbps to 3Mbps*/
1855 err = rome_hci_reset_req(fd);
1856 if (err < 0) {
1857 ALOGE("HCI Reset Failed !!");
1858 goto error;
1859 }
1860
1861 ALOGI("HCI Reset is done\n");
1862 }
1863 break;
1864 case ROME_VER_1_1:
1865 rampatch_file_path = ROME_RAMPATCH_TLV_PATH;
1866 nvm_file_path = ROME_NVM_TLV_PATH;
1867 goto download;
1868 case ROME_VER_1_3:
1869 rampatch_file_path = ROME_RAMPATCH_TLV_1_0_3_PATH;
1870 nvm_file_path = ROME_NVM_TLV_1_0_3_PATH;
1871 goto download;
1872 case ROME_VER_2_1:
1873 rampatch_file_path = ROME_RAMPATCH_TLV_2_0_1_PATH;
1874 nvm_file_path = ROME_NVM_TLV_2_0_1_PATH;
1875 goto download;
1876 case ROME_VER_3_0:
1877 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_0_PATH;
1878 nvm_file_path = ROME_NVM_TLV_3_0_0_PATH;
1879 fw_su_info = ROME_3_1_FW_SU;
1880 fw_su_offset = ROME_3_1_FW_SW_OFFSET;
1881 goto download;
1882 case ROME_VER_3_2:
1883 rampatch_file_path = ROME_RAMPATCH_TLV_3_0_2_PATH;
1884 nvm_file_path = ROME_NVM_TLV_3_0_2_PATH;
1885 fw_su_info = ROME_3_2_FW_SU;
1886 fw_su_offset = ROME_3_2_FW_SW_OFFSET;
1887
1888 download:
1889 /* Change baud rate 115.2 kbps to 3Mbps*/
1890 err = rome_set_baudrate_req(fd);
1891 if (err < 0) {
1892 ALOGE("%s: Baud rate change failed!", __FUNCTION__);
1893 goto error;
1894 }
1895 ALOGI("%s: Baud rate changed successfully ", __FUNCTION__);
1896 /* Donwload TLV files (rampatch, NVM) */
1897 err = rome_download_tlv_file(fd);
1898 if (err < 0) {
1899 ALOGE("%s: Download TLV file failed!", __FUNCTION__);
1900 goto error;
1901 }
1902 ALOGI("%s: Download TLV file successfully ", __FUNCTION__);
1903
1904 /* Get SU FM label information */
1905 if((err = rome_get_build_info_req(fd)) <0){
1906 ALOGI("%s: Fail to get Rome FW SU Build info (0x%x)", __FUNCTION__, err);
1907 //Ignore the failure of ROME FW SU label information
1908 err = 0;
1909 }
1910
1911 /* Disable internal LDO to use external LDO instead*/
1912 err = disable_internal_ldo(fd);
1913
1914 /* Send HCI Reset */
1915 err = rome_hci_reset(fd);
1916 if ( err <0 ) {
1917 ALOGE("HCI Reset Failed !!");
1918 goto error;
1919 }
1920
1921 ALOGI("HCI Reset is done\n");
1922
1923 break;
1924 default:
1925 ALOGI("%s: Detected unknown SoC version: 0x%08x", __FUNCTION__, chipset_ver);
1926 err = -1;
1927 break;
1928 }
1929
1930 error:
1931 dnld_fd = -1;
1932 return err;
1933 }
1934